This relates to integrated circuits and more particularly, to circuitry for configuring logic on integrated circuits such as programmable integrated circuits.
Programmable integrated circuits are a type of integrated circuit that can be programmed by a user to implement a desired custom logic function. In a typical scenario, a logic designer uses computer-aided design tools to design a custom logic circuit that performs custom logic functions. When the design process is complete, the computer-aided design tools generate configuration data. The configuration data is loaded into memory elements to configure the devices to perform the functions of the custom logic circuit. Memory elements are often formed using random-access-memory (RAM) cells. Because the RAM cells are loaded with configuration data during device programming, the RAM cells are sometimes referred to as configuration memory or configuration random-access-memory cells (CRAM).
Configuration data may be supplied to a programmable device in the form of a configuration bit stream. In order to maintain the security and privacy of custom logic functions specified by the configuration data bit stream, the configuration data bit stream is often encrypted so that the programmable logic circuitry needs to decrypt the encrypted bit stream to verify the authenticity of the bit stream. In typical logic design systems, the entire configuration data bit stream is encrypted and subsequently signed using a cryptographic signature. The cryptographic signature is typically generated by hashing the entire encrypted message using either a keyed cryptographic hash function, such as a Hash Message Authentication Code (HMAC) function, or by hashing the entire encrypted bit stream using a non-keyed cryptographic hash function and subsequently signing the resulting hash tag with a privately keyed asymmetric cryptographic function. Once the hashed and encrypted bit stream is received at the programmable logic device, the logic device creates an internal signature for the received encrypted bit stream using the same hashing and signing cryptographic operations that were used to create the original signature. The logic device only decrypts and loads the received bit stream into memory if the internal signature matches the received signature.
However, in these scenarios, the entire bit stream needs to be buffered onto the programmable logic device so that the necessary hashing and authentication operations are performed before decrypting and loading any portion of the encrypted bit stream into the memory of the logic device. The buffer circuitry required to perform such operations can consume valuable chip area on the programmable logic device which undesirably limits the ability of the programmable logic device to implement custom logic functions.
It may therefore be desirable to be able to provide logic design systems and programmable logic devices with improved configuration data authentication capabilities.